Check for expected behavior on the ServletResponse sendRedirect() method

This rule flags the method sendRedirect(String) from the javax.servlet.http.HttpServletResponse interface because the behavior of this method may not be as expected. The WebSphere implementation of the ServletResponse.sendRedirect() method converts the URL to a relative URL. It removes any path information preceding the last slash. If this is not the expected behavior for your application, you can correct it by setting a web container custom property. Check your application to see what types of URLs are passed to the sendRedirect() method calls and determine whether any action needs to be taken.

The web container custom property com.ibm.ws.webcontainer.RedirectWithPathInfo can be used to enable the non-relative URL behavior. If this property is set to true, then response.sendRedirect will redirect with the path information. Starting with the Servlet 3.1 implementation, this behavior is the default and the web container custom property is ignored.

Example:

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        // code
        resp.sendRedirect("xyz");
    }

The method call resp.sendRedirect("xyz"); will be flagged.
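
One way to carry out the check of which URL types are passed to sendRedirect(), as an added example (not part of the rule or of any IBM tooling). The function names, the category labels and the sample Java source are constructed for illustration. It assumes, per the Servlet API, that only literals without a scheme or a leading slash are resolved against the request path; non-literal arguments are reported for manual review.

```python
import re
from urllib.parse import urlsplit

# Captures the raw argument of x.sendRedirect(<arg>); up to the closing ");".
CALL = re.compile(r'\.sendRedirect\s*\(\s*(.*?)\s*\)\s*;', re.S)
# A single Java string literal with nothing concatenated to it.
LITERAL = re.compile(r'^"((?:[^"\\]|\\.)*)"$')

def classify(arg):
    """Classify one sendRedirect argument as it appears in source."""
    m = LITERAL.match(arg)
    if not m:
        return "dynamic"          # built at run time: review by hand
    url = m.group(1)
    if urlsplit(url).scheme or url.startswith("//"):
        return "absolute"         # full URL, not resolved against the request
    if url.startswith("/"):
        return "root-relative"    # resolved against the container root
    return "path-relative"        # depends on the request path: check this one

def scan(source):
    """Return (line, argument, category) for every sendRedirect call."""
    findings = []
    for m in CALL.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), classify(m.group(1))))
    return findings

# Constructed sample input, not taken from a real application.
SAMPLE = '''\
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {
    resp.sendRedirect("xyz");
    resp.sendRedirect("/app/home");
    resp.sendRedirect("https://example.com/done");
    resp.sendRedirect(req.getContextPath() + "/home");
}
'''

if __name__ == "__main__":
    for line, arg, kind in scan(SAMPLE):
        print(f"line {line}: {kind:14} {arg}")
```

Calls reported as path-relative are the ones whose target can change with the RedirectWithPathInfo setting or a move to Servlet 3.1; calls reported as dynamic need their possible values traced before deciding.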

For additional information, see
Web container custom properties